The IGMP traffic coming from IGMPPROXY, directed to my provider IP addresses for multicast IPTV, is filtered out by BLACKLIST BOGON blocklist. When I try to open a TV channel the stream does not work. Here the logs showing how the forwarded packets going from my IP to a multicast IP address (224.0.0.0/4) with protocol 2 (I assume IGMP) are filtered by BOGON. If I remove the BOGON filter, the IPTV stream works perfectly fine. --- logs --- Apr 9 10:40:54 ipfire kernel: BLKLST_BOGON IN= OUT=red0 SRC=[censored] DST=224.0.0.251 LEN=32 TOS=0x00 PREC=0xC0 TTL=1 ID=0 DF PROTO=2 Apr 9 10:40:56 ipfire kernel: BLKLST_BOGON IN= OUT=red0 SRC=[censored] DST=224.0.0.251 LEN=32 TOS=0x00 PREC=0xC0 TTL=1 ID=0 DF PROTO=2 Apr 9 10:41:12 ipfire kernel: BLKLST_BOGON IN= OUT=red0 SRC=[censored] DST=224.0.0.2 LEN=32 TOS=0x00 PREC=0xC0 TTL=1 ID=0 DF PROTO=2 Apr 10 08:10:18 ipfire kernel: BLKLST_BOGON IN= OUT=red0 SRC=[censored] DST=224.0.0.251 LEN=32 TOS=0x00 PREC=0xC0 TTL=1 ID=0 DF PROTO=2 --- logs --- Tested in a beta version of 174.
Hello cfusco, thanks for reporting. I've sent a patch to our development mailing list to fix this issue. https://patchwork.ipfire.org/project/ipfire/patch/20230425184009.3674-1-stefan.schantl@ipfire.org/ Please test and report back if this solves the problem. Thanks in advance and best regards, -Stefan
https://git.ipfire.org/?p=ipfire-2.x.git;a=commit;h=b5784fbc3308214852e3029bccca20e0f63f35a8
https://blog.ipfire.org/post/ipfire-2-27-core-update-175-is-available-for-testing
I finally tested the patch and I can confirm that it fixes completely the problem. Thank you to all developers and contributors to IPFire project.
https://blog.ipfire.org/post/ipfire-2-27-core-update-175-released